A report released by the National Academies of Sciences, Engineering and Medicine warned, based upon the interconnectedness of our information networks, that the country’s electricity system and associated infrastructure remains vulnerable to cyberattacks with a significant potential for widespread system outages, despite any agency or company’s best efforts. Further, the technologies driving Grid Modernization, coupled with continuously evolving regulations, make it both difficult and expensive to stay ahead of someone who is not playing by the rules. Hackers are usually ahead of the curve. They are on the cutting edge, exist outside legal frameworks, well organized and well-funded. The report concluded that the federal government needed to work with utilities and other stakeholders to fortify the nation’s power system.
While North American Electric Reliability Corporation – Critical Infrastructure Protection (NERC-CIP) standards are today to some degree effective, so too are the tools and techniques which hackers use to control or scuttle the power grid. Security steps, such as educating workers on best practices for securing laptops, thumb drives, substations and control centers, will not be enough to guarantee the safety of our national grid. Consistent with our firsthand experience, the report calls for a comprehensive security strategy comprised of clear steps for protecting the grid. Security, as noted in the report, must be addressed as a safety issue and be dealt with on an ongoing basis.